EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2
Jasmin Landry
JR0ch17
Lead, IT & Security at
Montreal Canadiens fan

GET /agenda HTTP/2
• EASM
• Common mistakes
• Hacker perspective

GET /EASM HTTP/2
• What exactly is EASM?
• What does it cover?
• Why is it important?

GET /common_mistakes HTTP/2
• Lack of Change Management
• Not respecting Least Privilege
• Misconfigured WAFs
• Cloud misconfigs (S3 buckets)

GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change

GET /thanks HTTP/2
Thank you for listening
Questions?
More questions? DMs are open on and